Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
01-12-2011, 02:08 AM | #1 | Member | Registered: Apr 2008 | Distribution: Slackware64 13.37, Solaris 10, RHEL5/6 | Posts: 92
DNS Config Problem - nslookup, dig not working
Hi,
I've been working on DNS on my personal system for a few days already but I can't seem to get it working. I followed some posts here in this forum and other sites, but I can't find any more problems on my configuration files.
I'm hoping someone can shed some light...
/etc/named.conf
Code:
acl "safe-subnet" { 192.168.10.0/24; };
options
{
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { 127.0.0.1; safe-subnet; };
allow-query { localhost; safe-subnet; };
allow-query-cache { localhost; safe-subnet; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
//dnssec-lookaside auto;
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "localhost_resolver"
{
match-clients { localhost; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
include "/etc/named.rfc1912.zones";
};
view "internal"
{
match-clients { localnets; localhost; safe-subnet; };
match-destinations { localnets; localhost; safe-subnet; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
zone "rhcelab.com" IN {
type master;
file "rhcelab.com.zone";
allow-query { localnets; localhost; safe-subnet; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "rhcelab.com.rr.zone";
allow-query { localnets; localhost; safe-subnet; };
};
include "/etc/named.rfc1912.zones";
zone "my.internal.zone" {
type master;
file "my.internal.zone.db";
};
zone "my.slave.internal.zone" {
type slave;
file "slaves/my.slave.internal.zone.db";
masters { 192.168.10.1; 127.0.0.1; } ;
// put slave zones in the slaves/ directory so named can update them
};
};
include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc-key; };
};
key ddns_key
{
algorithm hmac-md5;
secret "045/xcHIIToffw+qmdOO8IiAbMdIb4iO2+8Xw7uCiCM=";
};
view "external"
{
match-clients { any; };
zone "." IN {
type hint;
file "/var/named/named.ca";
};
recursion no;
};
rhcelab.com.zone
Code:
$TTL 1D
$ORIGIN rhcelab.com.
@ IN SOA ns1.rhcelab.com. root.rhcelab.com. (
201101105 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ; minimum TTL of 1 day
)
;
;
@ NS ns1.rhcelab.com.
@ MX 10 mail.rhcelab.com.
;
;
rhcelab.com. A 192.168.10.1
localhost A 127.0.0.1
ns1 A 192.168.10.1
mail A 192.168.10.1
rhel6svrA A 192.168.10.1
rhel6client1A A 192.168.10.10
;
;
www CNAME rhel6svrA
rhcelab.com.rr.zone
Code:
$TTL 86400
@ IN SOA ns1.rhcelab.com. root.rhcelab.com. (
201101106 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ; minimum TTL of 1 day
)
;
IN NS ns1.rhcelab.com.
;
1 IN PTR ns1.rhcelab.com.
1 IN PTR mail.rhcelab.com.
;
1 IN PTR rhel6svrA.rhcelab.com.
10 IN PTR rhel6client1A.rhcelab.com.
Here is the result of nslookup:
Code:
# nslookup rhel6svrA.rhcelab.com
Server: 192.168.10.1
Address: 192.168.10.1#53
** server can't find rhel6svrA.rhcelab.com: NXDOMAIN
Firewall and SELinux are turned off.
I'd appreciate any help...
-gibb
01-12-2011, 03:15 AM | #2 | LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,223
Hi,
You don't need the internal zone, so you can remove it. You should also remove the "recursion yes;" in the global options part and leave the recursion settings per view.
Also use:
Code:
listen-on port 53 { any; };
as "safe-subnet" is a subnet address, not a single IP.
Regards
01-12-2011, 03:38 AM | #3 | LQ Newbie | Registered: Jan 2011 | Posts: 7
Hi,
you just put it like this in line 15:
listen-on port 53 { 192.168.0.0/24; };
01-12-2011, 03:55 AM | #4 | LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,223
Quote:
Originally Posted by nandhapswan
Hi,
you just put it like this in line 15:
listen-on port 53 { 192.168.0.0/24; };
You cannot put a whole subnet like 192.168.0.0/24 (that is 255 IPs!!!) as the listening IP for named to bind to.
01-12-2011, 04:14 AM | #5 | Member | Registered: Apr 2008 | Distribution: Slackware64 13.37, Solaris 10, RHEL5/6 | Posts: 92 | Original Poster
Hi bathory,
Thanks for the inputs. I changed the named.conf file as suggested and restarted named, but nslookup still gives the same result.
Code:
# nslookup rhel6svrA.rhcelab.com
Server: 192.168.10.1
Address: 192.168.10.1#53
** server can't find rhel6svrA.rhcelab.com: NXDOMAIN
Also, in /var/log/messages, I see the entry below.
Code:
Jan 12 05:01:21 rhel6svrA named[2404]: error (network unreachable) resolving 'rhel6svrA.rhcdlab.com.rhcelab.com/A/IN': 2001:503:231d::2:30#53
I'm not sure why it's trying to resolve with IPv6 address. My system is enabled for IPv6 but no configuration is done.
Code:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:05:be:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0
inet6 fe80::a00:27ff:fe05:be68/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:10:fe:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 brd 192.168.10.255 scope global eth1
inet6 fe80::a00:27ff:fe10:fe30/64 scope link
valid_lft forever preferred_lft forever
Could this be a part of the problem?
TIA,
-gibb
01-12-2011, 04:40 AM | #6 | LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,223
Quote:
Jan 12 05:01:21 rhel6svrA named[2404]: error (network unreachable) resolving 'rhel6svrA.rhcdlab.com.rhcelab.com/A/IN': 2001:503:231d::2:30#53
Could be the IPv6 address your resolver uses.
What gives:
Code:
dig rhel6svrA.rhcelab.com @192.168.10.1
01-12-2011, 04:51 AM | #7 | Member | Registered: Apr 2008 | Distribution: Slackware64 13.37, Solaris 10, RHEL5/6 | Posts: 92 | Original Poster
Hi bathory,
I get the following:
Code:
dig rhel6svrA.rhcelab.com @192.168.10.1
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> rhel6svrA.rhcelab.com @192.168.10.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42788
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rhel6svrA.rhcelab.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1294829094 1800 900 604800 86400
;; Query time: 121 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Jan 12 05:44:37 2011
;; MSG SIZE rcvd: 112
It fails with NXDOMAIN and the AUTHORITY SECTION reports the wrong authority.
TIA,
-gib
01-12-2011, 05:01 AM | #8 | LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,223
Could you post the new named.conf?
01-12-2011, 05:18 AM | #9 | Member | Registered: Apr 2008 | Distribution: Slackware64 13.37, Solaris 10, RHEL5/6 | Posts: 92 | Original Poster
Here you go:
Code:
acl "safe-subnet" { 192.168.10.0/24; };
options
{
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { any; };
allow-query { localhost; safe-subnet; };
allow-query-cache { localhost; safe-subnet; };
dnssec-enable yes;
dnssec-validation yes;
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "localhost_resolver"
{
match-clients { localhost; };
recursion yes;
# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};
include "/etc/named.rfc1912.zones";
};
view "internal"
{
match-clients { localnets; localhost; safe-subnet; };
match-destinations { localnets; localhost; safe-subnet; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
zone "rhcelab.com" IN {
type master;
file "/var/named/rhcelab.com.zone";
allow-query { localnets; localhost; safe-subnet; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "/var/named/rhcelab.com.rr.zone";
allow-query { localnets; localhost; safe-subnet; };
};
include "/etc/named.rfc1912.zones";
};
include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc-key; };
};
key ddns_key
{
algorithm hmac-md5;
secret "045/xcHIIToffw+qmdOO8IiAbMdIb4iO2+8Xw7uCiCM=";
};
view "external"
{
match-clients { any; };
zone "." IN {
type hint;
file "/var/named/named.ca";
};
recursion no;
};
TIA,
-gibb
01-12-2011, 06:11 AM | #10 | LQ Guru | Registered: Jun 2004 | Location: Piraeus | Distribution: Slackware | Posts: 13,223
Oops, when I told you that you don't need the internal zone, I meant the view "localhost_resolver". So try this:
Code:
acl "safe-subnet" { 192.168.10.0/24; };
options
{
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { any; };
allow-query { localhost; safe-subnet; };
allow-query-cache { localhost; safe-subnet; };
dnssec-enable yes;
dnssec-validation yes;
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
/* THIS VIEW IS NOT NEEDED
view "localhost_resolver"
{
match-clients { localhost; };
recursion yes;
# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};
include "/etc/named.rfc1912.zones";
};
*/
view "internal"
{
match-clients { localnets; localhost; safe-subnet; };
match-destinations { localnets; localhost; safe-subnet; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
zone "rhcelab.com" IN {
type master;
file "/var/named/rhcelab.com.zone";
allow-query { localnets; localhost; safe-subnet; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "/var/named/rhcelab.com.rr.zone";
allow-query { localnets; localhost; safe-subnet; };
};
include "/etc/named.rfc1912.zones";
};
include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc-key; };
};
key ddns_key
{
algorithm hmac-md5;
secret "045/xcHIIToffw+qmdOO8IiAbMdIb4iO2+8Xw7uCiCM=";
};
view "external"
{
match-clients { any; };
zone "." IN {
type hint;
file "/var/named/named.ca";
};
recursion no;
};
01-12-2011, 11:31 AM | #11 | LQ Newbie | Registered: Dec 2010 | Posts: 11
In the listen-on port 53 directive, specify the IP address of the interface on the machine that you want BIND to listen for requests on. Also take out "any" from the listen-on port 53.
01-12-2011, 01:32 PM | #12 | Member | Registered: Apr 2008 | Distribution: Slackware64 13.37, Solaris 10, RHEL5/6 | Posts: 92 | Original Poster
[SOLVED] DNS Config Problem - nslookup, dig not working
Yipee! Thanks, bathory.
After removing the local_resolver view, it started working! I guess it was for a caching-only nameserver and was not needed...
Thanks again. Now I can go forward with my project.
-gibb
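Why dropping the "localhost_resolver" view fixed it: BIND tries views in configuration order, and the built-in "localhost" ACL matches every address configured on the server's own interfaces, not only 127.0.0.1. A query sent on the server itself to 192.168.10.1 therefore landed in the first view, which carried only the root hints and the rfc1912 zones, so named recursed out to the com. servers and relayed their NXDOMAIN (the com. SOA in the dig output above). The following is an added Python model of that view selection, not code from the thread or from BIND; the interface addresses, the safe-subnet ACL and the view order come from the posted `ip a` output and named.conf, and the per-view zone sets are abbreviated as noted in the comments.

```python
import ipaddress

# Constructed model of the server in the thread, from the posted `ip a` output:
# loopback plus eth0 (192.168.0.8/24) and eth1 (192.168.10.1/24).
SERVER_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("192.168.0.8"),
    ipaddress.ip_address("192.168.10.1"),
}
# Directly connected networks, which is what BIND's built-in "localnets" expands to.
SERVER_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/24"),
    ipaddress.ip_network("192.168.10.0/24"),
]

# Named ACLs from the posted named.conf.
ACLS = {"safe-subnet": ["192.168.10.0/24"]}


def element_matches(element, src):
    """True if one address_match_list element covers the source address.

    BIND built-ins: "localhost" is every address on the server's own
    interfaces, "localnets" is every directly connected network, and
    "any"/"none" are unconditional. Anything else is a named ACL or a
    literal address / CIDR prefix.
    """
    if element == "any":
        return True
    if element == "none":
        return False
    if element == "localhost":
        return src in SERVER_ADDRESSES
    if element == "localnets":
        return any(src in net for net in SERVER_NETWORKS)
    if element in ACLS:
        return list_matches(ACLS[element], src)
    # ip_network() on a bare address yields a /32 (or /128); an IPv4/IPv6
    # mismatch in the membership test is simply False.
    return src in ipaddress.ip_network(element, strict=False)


def list_matches(elements, src):
    """The first matching element decides; a leading '!' negates that element."""
    for element in elements:
        negated = element.startswith("!")
        if element_matches(element.lstrip("!"), src):
            return not negated
    return False


def select_view(views, src):
    """Views are tried in configuration order; the first view whose
    match-clients accepts the source address answers the query."""
    for name, match_clients, zones in views:
        if list_matches(match_clients, src):
            return name, zones
    return None, set()


def zone_lookup(views, client, zone):
    """Return (view_name, has_zone): which view answers a query from
    `client`, and whether that view is configured with `zone` at all."""
    name, zones = select_view(views, ipaddress.ip_address(client))
    return name, zone in zones


# The three views of the original named.conf, in configuration order. Zone sets
# are abbreviated: the named.rfc1912.zones include is represented by "localhost".
ORIGINAL_VIEWS = [
    ("localhost_resolver", ["localhost"], {".", "localhost"}),
    ("internal", ["localnets", "localhost", "safe-subnet"],
     {".", "rhcelab.com", "10.168.192.in-addr.arpa", "localhost"}),
    ("external", ["any"], {"."}),
]
# The configuration from post #10, with the localhost_resolver view removed.
FIXED_VIEWS = ORIGINAL_VIEWS[1:]

if __name__ == "__main__":
    for label, views in (("original", ORIGINAL_VIEWS), ("fixed", FIXED_VIEWS)):
        for client in ("192.168.10.1", "192.168.10.10", "203.0.113.7"):
            view, has_zone = zone_lookup(views, client, "rhcelab.com")
            state = "served by this view" if has_zone else "not in this view"
            print(f"{label:8} query from {client:14} -> view {view!r:22} rhcelab.com {state}")
```

With the original view order, a lookup from the server itself (source 192.168.10.1) is routed to "localhost_resolver", where rhcelab.com is not configured; a client on 192.168.10.10 is routed to "internal" in both configurations, which is why the problem only showed up when testing on the server. The same model also explains the ordering rule to keep in mind whenever a permissive ACL such as "localhost" or "any" appears in an early view: later, more specific views are never consulted for addresses it already matches.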